Anti-Phishing Phil

About the game

Anti-Phishing Phil is an interactive game that teaches users how to identify phishing URLs, where to look for cues in web browsers, and how to use search engines to find legitimate sites.

Our user studies have found that user education can help prevent people from falling for phishing attacks. However, it is hard to get users to read security tutorials, and many of the available online training materials make users aware of the phishing threat but do not provide them with enough information to protect themselves. Our studies demonstrate that Anti-Phishing Phil is an effective approach to user education.

Licenses

Anti-Phishing Phil is an entertaining and fun way to inform your
employees or customers about phishing attacks and how to avoid them.
It can be customized with your organization's URLs and branding information or integrated into a larger training program.
For information about commercial licensing, including opportunities to
have the game customized for your business or training program, please
visit Wombat Security or contact sales @ wombatsecurity.com.

Credits

Anti-Phishing Phil was developed by members of the
CMU Usable Privacy and Security
Laboratory with funding from the US National Science Foundation
(Cyber Trust initiative) and ARO/CyLab. The game design team was led by
Steve Sheng and included Alessandro Acquisti, Lorrie Cranor, Jason Hong,
Ponnurangam Kumaraguru, Bryant Mangien, and Elizabeth Nunge. Patrick
Kelley provided the fish artwork. Thanks to
all members of the Supporting Trust
Decisions project for their feedback on early versions of the game.